From: "Matthew John Cheetham via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: gitster@pobox.com, johannes.schindelin@gmx.de,
Matthew John Cheetham <mjcheetham@outlook.com>,
Matthew John Cheetham <mjcheetham@outlook.com>,
Matthew John Cheetham <mjcheetham@outlook.com>
Subject: [PATCH v2 4/4] doc: clarify http.emptyAuth values
Date: Thu, 30 Apr 2026 10:54:32 +0000 [thread overview]
Message-ID: <e0f236767f81ea60f90749d1bc00ab78081efd0e.1777546472.git.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.2087.v2.git.1777546472.gitgitgadget@gmail.com>
From: Matthew John Cheetham <mjcheetham@outlook.com>
The existing description of http.emptyAuth explains the purpose of the
setting but never says what values it accepts. Readers have to infer
from context (or read the source) that it takes 'true', 'false', or
'auto', and what each one means.
Document the three accepted values explicitly:
* 'auto' (the default) only sends empty credentials when the server's
401 response advertises a mechanism that requires them, such as
GSS-Negotiate. This matches the long-standing auto-detection
behaviour added in 40a18fc77c (http: add an "auto" mode for
http.emptyauth, 2017-02-25).
* 'true' unconditionally sends empty credentials on the very first
request, before any 401 response, for callers that know they want
this behaviour up front.
* 'false' disables the feature entirely; mechanisms that depend on
empty credentials, such as GSS-Negotiate, will not work in this
mode.
Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
---
Documentation/config/http.adoc | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/Documentation/config/http.adoc b/Documentation/config/http.adoc
index 849c89f36c..792a71b413 100644
--- a/Documentation/config/http.adoc
+++ b/Documentation/config/http.adoc
@@ -59,7 +59,18 @@ http.emptyAuth::
Attempt authentication without seeking a username or password. This
can be used to attempt GSS-Negotiate authentication without specifying
a username in the URL, as libcurl normally requires a username for
- authentication.
+ authentication. Possible values are:
++
+--
+* `auto` (default) - Send empty credentials only if the server's 401 response
+ advertises an authentication mechanism that requires them (such as
+ GSS-Negotiate); otherwise fall back to prompting via the credential helper.
+* `true` - Always send empty credentials on the very first request, before
+ receiving any 401 response from the server.
+* `false` - Never send empty credentials. Mechanisms that require
+ empty credentials or an explicit username, such as GSS-Negotiate, will not
+ work.
+--
http.proactiveAuth::
Attempt authentication without first making an unauthenticated attempt and
--
gitgitgadget
prev parent reply other threads:[~2026-04-30 10:54 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-16 9:20 [PATCH 0/3] http: fix emptyAuth=auto for Negotiate/SPNEGO Matthew John Cheetham via GitGitGadget
2026-04-16 9:20 ` [PATCH 1/3] http: extract http_reauth_prepare() from retry paths Matthew John Cheetham via GitGitGadget
2026-04-16 16:21 ` Junio C Hamano
2026-04-16 9:20 ` [PATCH 2/3] http: attempt Negotiate auth in http.emptyAuth=auto mode Matthew John Cheetham via GitGitGadget
2026-04-16 16:40 ` Junio C Hamano
2026-04-28 14:38 ` Matthew John Cheetham
[not found] ` <xmqqse8dz4pi.fsf@gitster.g>
2026-04-30 10:53 ` Matthew John Cheetham
2026-04-16 9:20 ` [PATCH 3/3] t5563: add tests for http.emptyAuth with Negotiate Matthew John Cheetham via GitGitGadget
2026-04-30 10:54 ` [PATCH v2 0/4] http: fix emptyAuth=auto for Negotiate/SPNEGO Matthew John Cheetham via GitGitGadget
2026-04-30 10:54 ` [PATCH v2 1/4] http: extract http_reauth_prepare() from retry paths Matthew John Cheetham via GitGitGadget
2026-04-30 10:54 ` [PATCH v2 2/4] http: attempt Negotiate auth in http.emptyAuth=auto mode Matthew John Cheetham via GitGitGadget
2026-04-30 10:54 ` [PATCH v2 3/4] t5563: add tests for http.emptyAuth with Negotiate Matthew John Cheetham via GitGitGadget
2026-04-30 10:54 ` Matthew John Cheetham via GitGitGadget [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0f236767f81ea60f90749d1bc00ab78081efd0e.1777546472.git.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=johannes.schindelin@gmx.de \
--cc=mjcheetham@outlook.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox